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Clarification of the Flowspec Redirect Extended Community 


Abstract 
This document updates RFC 5575 ("Dissemination of Flow Specification 
Rules") to clarify the formatting of the BGP Flowspec Redirect 
Extended Community. 
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1. Introduction 


"Dissemination of Flow Specification Rules" [RFC5575], commonly known 
as BGP Flowspec, provided for a BGP Extended Community [RFC4360] that 
served to redirect traffic to a Virtual Routing and Forwarding (VRF) 
instance that matched the flow specification’s Network Layer 
Reachability Information (NLRI). In RFC 5575, the Redirect Extended 
Community was documented as follows: 


Redirect: The redirect extended community allows the traffic to be 
redirected to a VRF routing instance that lists the specified 
route-target in its import policy. If several local instances 
match this criteria, the choice between them is a local matter 

(for example, the instance with the lowest Route Distinguisher 
value can be elected). This extended community uses the same 
encoding as the Route Target extended community [RFC4360]. 

eee | 


11. IANA Considerations 
[eas] 


The following traffic filtering flow specification rules have been 
allocated by IANA from the "BGP Extended Communities Type - 
Experimental Use" registry as follows: 


Penga] 
0x8008 - Flow spec redirect 


The IANA registry of BGP Extended Communities clearly identifies 
communities of specific formats. For example, "Two-octet AS Specific 
Extended Community" [RFC4360], "Four-octet AS Specific Extended 
Community" [RFC5668], and "IPv4 Address Specific Extended Community" 
[RFC4360]. Route Targets [RFC4360] identify this format in the high- 
order (Type) octet of the Extended Community and set the value of the 
low-order (Sub-Type) octet to 0x02. The Value field of the Route 
Target Extended Community is intended to be interpreted in the 
context of its format. 
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Since the Redirect Extended Community only registered a single 
codepoint in IANA’s BGP Extended Community registry, a common 
interpretation of the Redirect Extended Community’s "6-byte Route 
Target" has been to look, at a receiving router, for a Route Target 
value that matches the Route Target value in the received Redirect 
Extended Community and import the advertised route to the 
corresponding VRF instance subject to the rules defined in [RFC5575]. 
However, because the Route Target format in the Redirect Extended 
Community is not clearly defined, the wrong match may occur. 


This "value wildcard" matching behavior, which does not take into 
account the format of the Route Target defined for a local VRF and 
may result in the wrong matching decision, does not match deployed 
implementations of BGP Flowspec. Deployed implementations of BGP 
Flowspec solve this problem by defining different Redirect Extended 
Communities that are specific to the format of the Route Target 


value. This document defines the following Redirect Extended 
Communities: 
4+--------+----------- ------ - 4-5 = + 


| 0x8008 
| 0x8108 
| 0x8208 


redirect AS-2byte 
redirect IPv4 
redirect AS-4byte 


2-octet AS, 4-octet Value | 
4-octet IPv4 Address, 2-octet Value | 
4-octet AS, 2-octet Value 


It should be noted that the low-order nibble of the Redirect’s Type 
field corresponds to the Route Target Extended Community format field 
(Type). (See Sections 3.1, 3.2, and 4 of [RFC4360] plus Section 2 of 
[RFC5668].) The low-order octet (Sub-Type) of the Redirect Extended 
Community remains 0x08, in contrast to 0x02 for Route Targets. 


The IANA registries for the BGP Extended Communities document 
[RFC7153] was written to update the previously mentioned IANA 
registries to better document BGP Extended Community formats. The 
IANA Considerations section below further amends those registry 
updates in order to properly document the Flowspec redirect 
communities. 
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2. IANA Considerations 
2.1. BGP Transitive Extended Community Types 


TANA has updated the "BGP Transitive Extended Community Types" 
registry as follows: 


0x81 - Generic Transitive Experimental Use Extended Community Part 2 
(Sub-Types are defined in the "Generic Transitive 
Experimental Extended Community Part 2 Sub-Types" Registry) 


0x82 - Generic Transitive Experimental Use Extended Community Part 3 
(Sub-Types are defined in the "Generic Transitive 
Experimental Use Extended Community Part 3 Sub-Types" 
Registry) 


2.2. Update to BGP Generic Transitive Experimental Use Extended 
Community Sub-Types 


IANA has updated the "BGP Generic Transitive Experimental Use 
Extended Community Sub-Types" registry as follows: 


0x08 - Flow spec redirect AS-2byte format [RFC5575] [RFC7674] 
2.3. Generic Transitive Experimental Use Extended Community Part 2 
Sub-Types 


IANA has created the "Generic Transitive Experimental Use Extended 
Community Part 2 Sub-Types" registry. This has been created under 
the "Border Gateway Protocol (BGP) Extended Communities" registry and 
contains the following note: 


This registry contains values of the second octet (the "Sub-Type" 
field) of an extended community when the value of the first octet 
(the "Type" field) is 0x81. 


Registry Name: Generic Transitive Experimental Use Extended Community 
Part 2 Sub-Types 


RANGE REGISTRATION PROCEDURE 

0x00-Oxbf First Come First Served 

Oxc0O-Oxff IETF Review 

SUB-TYPE VALUE NAME REFERENCE 
0x00-0x07 Unassigned 

0x08 Flow spec redirect IPv4 format [RFC7674] 
0x09-Oxff Unassigned 
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2.4. Generic Transitive Experimental Use Extended Community Part 3 
Sub-Types 


IANA has created the "Generic Transitive Experimental Use Extended 
Community Part 3 Sub-Types" registry. This registry has been created 
under the "Border Gateway Protocol (BGP) Extended Communities" 
registry and contains the following note: 


This registry contains values of the second octet (the "Sub-Type" 
field) of an extended community when the value of the first octet 
(the "Type" field) is 0x82. 


Registry Name: Generic Transitive Experimental Use Extended Community 
Part 2 Sub-Types 


RANGE REGISTRATION PROCEDURE 
0x00-Oxbf First Come First Served 
Oxc0O-Oxff IETF Review 
SUB-TYPE VALUE NAME REFERENCE 
0x00-0x07 Unassigned 
0x08 Flow spec redirect AS-4byte format [RFC7674] 
0Ox09-Oxff Unassigned 
3. Security Considerations 


This document introduces no additional security considerations than 
those already covered in [RFC5575]. It should be noted that if the 
wildcard behavior were actually implemented, this ambiguity may lead 
to the installation of Flowspec rules in an incorrect VRF and may 
lead to traffic to be incorrectly delivered. 
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